Requisition ID: 4467

Senior Technical Manager, IT Risk and Controls

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

The Department

The objectives of the IT Risk & Controls Department are to establish and maintain a robust risk management methodology that effectively identifies, assesses, and mitigates risks related to IT processes and technology. The department ensures that the Club’s IT risk posture is accurately reported and that operations remain within the defined risk appetite, thereby enhancing operational integrity and resilience. By aligning its risk management approach with the Enterprise Risk Management Framework and the Technology Risk Management Framework, and by working closely with business units, the department promotes accountability and transparency across both IT and business functions.

Job Summary

Are you a senior technology risk professional who enjoys re‑imagining how risk management supports modern engineering and operations? Do you thrive on tackling ambiguity, shaping frameworks, and helping technology leaders make better decisions in fast‑moving environments?

 

We are looking for a Senior Technical Manager, IT Risk & Controls, to lead how technology risk is assessed, interpreted, and governed across the IT Division. This is not a traditional compliance role. You will act as a first‑line risk leader, partnering closely with engineering, operations, data, and security teams to enable innovation without losing sight of performance, resilience, control, and accountability.

 

In this role, you will evolve the IT Risk Management Methodology from a framework into a living system—one that reflects modern delivery models, emerging technologies, and real operational signals. You will challenge legacy assumptions, introduce new ways of thinking about controls and indicators, and help senior leaders see risk management as an enabler for better decisions, not a barrier to progress.

The Job

  • Shape the Future of Technology Risk

You’ll lead the evolution of technology risk practices across the IT Division, ensuring risk and control assessments remain relevant for:

    • Cloud and platform-based architectures
    • Agile, DevSecOps, and product-centric delivery models
    • Cyber, data, digital resilience, and emerging technology risks

You’ll guide teams away from static, checkbox-based controls and toward outcome-focused, risk-driven practices that scale with change.

  • Lead Control Assessment with Insight, Not Bureaucracy

You’ll manage and continuously refine the Technology Control Library, ensuring controls:

    • Clearly map to real risks and business impact
    • Are proportionate and fit for modern environments
    • Enable Technology teams to deliver at pace and innovate, rather than slowing them down

You’ll design and maintain Key Risk Indicators (KRIs) that go beyond lagging compliance measures, drawing on operational and technical data to surface early warning signals for management.

  • Turn Risk Data into Decision Intelligence

You’ll transform risk data into clear, compelling insights for senior leaders by:

    • Developing IT risk posture dashboards that highlight trends, trade-offs, and decision points
    • Translating technical vulnerabilities into business outcomes and choices
    • Helping management understand not just “what’s broken,” but what needs to change/improve and why

  • Drive Learning from Incidents and Change

You’ll ensure incidents, near misses, and operational disruptions become learning opportunities, not just closure exercises, by:

    • Analysing control weaknesses and contributing factors
    • Identifying systemic themes across incidents and changes
    • Driving targeted control and design improvements that prevent recurrence

  • Influence, Enable, and Build Capability

You’ll act as a trusted advisor to senior IT leaders, using influence and credibility rather than authority. You’ll:

    • Support governance forums
    • Guide teams through complex risk decisions in high-pressure delivery environments
    • Mentor and develop junior risk practitioners, growing the overall capability of the IT Risk and Control function

About You

  • Bachelor's Degree (preferred) in a relevant discipline (e.g., Operational Risk Management, Information Security, IT Risk Management)
  • Professional risk management certification (e.g., ISO 31000, CISA, CRISC) and/or industry body affiliation is an advantage
  • 10+ years in technology or operational risk management
  • Proven track record designing, evolving, and leading technology risk frameworks and control assessment programmes
  • Strong control assessment methodology background with a drive to modernise approaches
  • Experience influencing outcomes in complex, matrixed environments
  • Deep expertise in building and running operational risk management functions within IT organisations
  • Deep understanding of technology risk, control design, and operational resilience
  • Familiarity with enterprise architecture, service management, asset management, change management, and system migrations
  • Knowledge of industry best practices and trends in IT standards, governance, risk, and internal control
  • Experience with GRC tooling and risk dashboards, viewed as insight platforms, not repositories
  • Capable of assessing and quantifying technology and operational risks, evaluating mitigation measures, and providing practical recommendations
  • Technically astute with excellent analytical and decision-making ability
  • Able to understand the Club's unique nature, culture, business strategies, and priorities as they relate to risk management
  • Excellent written and verbal communication skills in English, including report writing
  • Strong leadership with effective people and relationship management skills
  • High influencing skills with the ability to engage stakeholders at all levels
  • High professional and ethical standards
  • Proactive, with the ability to manage multiple tasks under pressure and with conflicting priorities

 

You are a curious, strategic, and pragmatic risk leader. You enjoy understanding how technology really works—and how it fails—and using that insight to design better controls and decision frameworks. You are comfortable navigating discussions about:

  • Architecture and system dependencies
  • Change and release risk in Agile environments
  • Data governance, privacy, and ethical use of technology
  • Cyber and operational resilience trade-offs

You are a translator and synthesiser: able to turn complexity into clarity, and uncertainty into informed action. Above all, you believe risk management should enable progress, not constrain it.

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

 

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcome to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
